Thales banner

Data Sovereignty Compliance

How to achieve Data, Software and Operational Sovereignty


Data sovereignty is a subset of "digital sovereignty" which refers “to the ability to have control over your own digital destiny – the data, hardware and software that you rely on and create”. Given the awesome reliance of the modern enterprise on digital platforms, digital sovereignty encompasses a huge part of the key platforms, processes and services that make global businesses successful today.

Digital Sovereignty with Thales - eBook

S&P Global Market Intelligence Paper:
Maximizing Cloud Benefit With Digital Sovereignty

Digital sovereignty is the ability for enterprises to have full control over any citizen’s identifiable data to better safeguard citizen privacy. A well-crafted digital sovereignty strategy can help an organization build in privacy by design, enforce continuous control and ultimately unlock the value of the cloud in every jurisdiction where the organization operates.

Get the Whitepaper

Data Sovereignty, Operational Sovereignty and Software Sovereignty

When thinking about a successful cloud strategy, Thales sees data sovereignty as one of the 3 major pillars that support digital sovereignty objectives: along with operational sovereignty, and software sovereignty.

  • Data sovereignty means maintaining control over encryption and access to your data. This ensures sensitive data doesn’t fall into the hands of a foreign entity without express permission resulting in non-compliance with data sovereignty laws by country.
  • Operational sovereignty means giving an organization visibility and control over provider operations. This ensures bad actors or malicious processes cannot access, or prevent you from accessing, your valuable data, such as in the case of privileged user access or a ransomware attack.
  • Software sovereignty means running workloads without dependence on a provider’s software. This gives organizations the freedom to store and run workloads wherever desired to maximize performance, flexibility, and overall resilience.

Why are these 3 pillars important? Organizations that take charge of their data sovereignty in the cloud will find it easier to migrate sensitive workloads to the cloud and manage.

Digital Sovereignty with Thales - eBook

Achieve Digital Sovereignty with Thales - eBook

In our latest eBook we describe how we can help enterprises achieve software, operational and data sovereignty with automated risk assessment and the centralized protection and control of sensitive data across cloud and on-premises systems.

Get the eBook

GDPR Data Sovereignty


Thales enables organizations maintain GDPR compliance in light of Schrems II ruling

The Court of Justice of the European Union (CJEU) decision in the Schrems II ruling invalidated the EU-US Privacy Shield framework. Thales enables organizations to maintain GDPR data sovereignty compliance and adhere to the Schrems II ruling, using a trusted privacy framework for protecting transatlantic data flows that follow these overarching principles.

Learn More About Schrems II

Thales and Google Cloud: Solving the complexities of taking charge of your data

Google Cloud Data Sovereignty

Google Cloud

Google Cloud Platform Security

Thales announced a new collaboration with Google Cloud that will accelerate the ability of enterprises to safely migrate sensitive data between public cloud, hybrid and private IT infrastructures. Google Cloud customers can now maintain strong data sovereignty in the Google Cloud  with encryption key visibility and lifecycle management. 

Learn More About Google Cloud Platform Security

AWS Data Sovereignty in the Cloud

Amazon Web Services (AWS)

Secure workloads across Amazon Web Services (AWS)

Amazon Web Services (AWS) offers convenience and cost savings. However, for you to achieve data sovereignty in the AWS cloud, you need to follow security, privacy and compliance rules, as well as best practices, for protecting data. Thales advanced encryption and centralized key management solutions give you protection and control of in the cloud

Learn More About Amazon Web Services Security

Azure Data Sovereignty in the Cloud

Microsoft Azure

Secure workloads across Microsoft Azure

Whether you are running on 100% Microsoft Azure, or a hybrid cloud, you still need to follow security best practices for protecting data and achieving data sovereignty in the Azure cloud. Thales solutions provide a number of solutions to protect sensitive data leveraging “Bring Your Own Encryption” (BYOE) or “Bring Your Own Key” (BYOK) methodologies. 

Learn More About Microsoft Azure Security

Data Sovereignty Resources

Securing GDPR-compliant Data Post Schrems II

This white paper describes how companies can adhere to the European Data Protection Board’s recommendations to address the Schrems II ruling, using the digital privacy framework provided by Thales’ data protection and trusted access management solutions.

Schrems II and the Security of International Data Flows

In this webinar, the panel will discuss data transfers in a post-Schrems II and post-Brexit era and examine how the current rules and regulations for securing information and maintaining privacy will impact organizations that rely on global access to data. 

Data Security Compliance and Regulations

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

Thales & Accenture video: Data Privacy in the Cloud

How can you ensure your sensitive data in the cloud is protected against malicious outsiders and insider risks? Together, Thales and Accenture can help you decide which security methods are right for your organization to meet global data privacy and sovereignty requirements.

The Keys to Sovereignty in the Cloud

The World Economic Forum estimates that over 92% of all data in the western world is stored on servers owned by very few US-based companies. This concentration creates a situation of high dependence, and a challenge for business resilience.

Digital Sovereignty - Your Data, Their Cloud

Global commerce depends on the transfer of data as much as the transfer of goods and services. When a European court decision invalidated the overall legal protection umbrella agreement between European governments that set forth the data transfer rules between the United States and Europe, the transfer of data overnight became complicated and uncertain.

Can You Trust the Cloud

With a rapidly evolving landscape, Tim will be able to answer your burning questions about the latest guidance to ensure your data is protected and how you can demonstrate compliance so you can continue to focus on enabling your business outcomes.

Other key data protection and security regulations


Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.


Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.